We have a k1000 and a k2000, but for enhanced security we deploy machines nearly as patched as possible. This downloads a good chunk of Windows updates from microsoft's site: http://www.windowsupdatesdownloader.com/Default.aspx directly so you know it is safe to use.

I use http://www.wincert.net/forum/forum/179-win-toolkit/ to slipstream updates into Windows 7, but if time in imaging is not a huge issue you can generally throw all the updates in a post-install task on the k2000 and use this in a batch file:

for /f %i in ('dir /ab *.msu') do wusa.exe "%i" /quiet

That will only install *.msu extension updates, but that is a large portion of them.